From f54e22b2ea718d5711a2f7e2fd5a98fcf35d41cf Mon Sep 17 00:00:00 2001 
From: Robert Gemmell Date: Thu, 18 Aug 2011 14:42:46 +0000 Subject: QPID-3429: ensure that SSL is enabled correctly in MinaNetworkHandler. Refactor SSLContextFactory to be a factory, and present a useful interface for both client and server side use. Added keystore for the Java broker, renamed existing client trust/key stores for clarity. Fix SSL port configuration. Added new SSL tests, and ensure these are *always* run in the Java 0-10 profiles. Committing work by myself and Keith Wall. git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1159250 13f79535-47bb-0310-9956-ffa450edef68 --- qpid/java/test-profiles/JavaExcludes | 3 +++ qpid/java/test-profiles/JavaPre010Excludes | 5 +++++ qpid/java/test-profiles/cpp.ssl.excludes | 4 ++++ qpid/java/test-profiles/cpp.ssl.testprofile | 4 ++-- qpid/java/test-profiles/java-dby-spawn.0-9-1.testprofile | 2 +- qpid/java/test-profiles/java-dby.0-9-1.testprofile | 2 +- qpid/java/test-profiles/java-mms-spawn.0-9-1.testprofile | 2 +- qpid/java/test-profiles/java-mms.0-9-1.testprofile | 2 +- qpid/java/test-profiles/test_resources/ssl/certstore.jks | Bin 591 -> 0 bytes .../test-profiles/test_resources/ssl/java_broker.crt | 15 +++++++++++++++ .../test-profiles/test_resources/ssl/java_broker.req | 10 ++++++++++ .../test_resources/ssl/java_broker_keystore.jks | Bin 0 -> 2475 bytes .../test_resources/ssl/java_client_keystore.jks | Bin 0 -> 4296 bytes .../test_resources/ssl/java_client_truststore.jks | Bin 0 -> 591 bytes qpid/java/test-profiles/test_resources/ssl/keystore.jks | Bin 4296 -> 0 bytes 15 files changed, 43 insertions(+), 6 deletions(-) delete mode 100644 qpid/java/test-profiles/test_resources/ssl/certstore.jks create mode 100644 qpid/java/test-profiles/test_resources/ssl/java_broker.crt create mode 100644 qpid/java/test-profiles/test_resources/ssl/java_broker.req create mode 100644 qpid/java/test-profiles/test_resources/ssl/java_broker_keystore.jks create mode 100644 
qpid/java/test-profiles/test_resources/ssl/java_client_keystore.jks create mode 100644 qpid/java/test-profiles/test_resources/ssl/java_client_truststore.jks delete mode 100644 qpid/java/test-profiles/test_resources/ssl/keystore.jks (limited to 'qpid/java/test-profiles') diff --git a/qpid/java/test-profiles/JavaExcludes b/qpid/java/test-profiles/JavaExcludes index 4be228c7da..2fc70e6e70 100644 --- a/qpid/java/test-profiles/JavaExcludes +++ b/qpid/java/test-profiles/JavaExcludes @@ -88,3 +88,6 @@ org.apache.qpid.server.configuration.ServerConfigurationFileTest#* org.apache.qpid.test.unit.client.connection.ConnectionTest#testClientIDVerification org.apache.qpid.jms.xa.XAResourceTest#* + +//The Java broker doesnt support client auth +org.apache.qpid.client.ssl.SSLTest#testMultipleCertsInSingleStore diff --git a/qpid/java/test-profiles/JavaPre010Excludes b/qpid/java/test-profiles/JavaPre010Excludes index 5d0c82c5d7..a7b008601d 100644 --- a/qpid/java/test-profiles/JavaPre010Excludes +++ b/qpid/java/test-profiles/JavaPre010Excludes @@ -40,3 +40,8 @@ org.apache.qpid.client.MessageListenerTest#testSynchronousReceiveNoWait org.apache.qpid.test.unit.client.connection.ConnectionTest#testUnsupportedSASLMechanism org.apache.qpid.test.unit.message.JMSPropertiesTest#testQpidExtensionProperties + +//The 0-8/0-9/0-9-1 client configuration for SSL does not work the same as the 0-10 client +//so these tests fail due to the client failing to use SSL +org.apache.qpid.client.ssl.SSLTest#* +org.apache.qpid.test.unit.client.AMQSSLConnectionTest#* diff --git a/qpid/java/test-profiles/cpp.ssl.excludes b/qpid/java/test-profiles/cpp.ssl.excludes index 4d499c57b9..4b77115c1a 100644 --- a/qpid/java/test-profiles/cpp.ssl.excludes +++ b/qpid/java/test-profiles/cpp.ssl.excludes 
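Review bot: In the JavaPre010Excludes hunk, `org.apache.qpid.client.ssl.SSLTest#*` and `org.apache.qpid.test.unit.client.AMQSSLConnectionTest#*` are switched off for every pre-0-10 profile because the client "fail[s] to use SSL", but the comment does not say whether the client then refuses to connect or connects without TLS. The second case would be a silent downgrade, and either way SSL is left untested on 0-8/0-9/0-9-1. The comment should record the observed failure and a tracking reference, for example `//Excluded until <JIRA-ID>: pre-0-10 client does not apply the SSL settings (state: connection refused, or plain TCP used)`. The JavaExcludes hunk before it (`SSLTest#testMultipleCertsInSingleStore`) would benefit from the same kind of reference.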
@@ -18,3 +18,7 @@ // #org.apache.qpid.test.client.failover.FailoverTest#* + +//This test does not supply a client keystore, therefore it cant login to the C++ broker +//in this test profile as it demands client certificate authentication +org.apache.qpid.client.ssl.SSLTest#testCreateSSLConnectionUsingConnectionURLParamsTrustStoreOnly diff --git a/qpid/java/test-profiles/cpp.ssl.testprofile b/qpid/java/test-profiles/cpp.ssl.testprofile index bf71384835..b3bb5e22f7 100644 --- a/qpid/java/test-profiles/cpp.ssl.testprofile +++ b/qpid/java/test-profiles/cpp.ssl.testprofile @@ -23,7 +23,7 @@ broker.modules=--load-module ${broker.module.ssl} --ssl-cert-name localhost.loca profile.use_ssl=true broker.ready= Listening for SSL connections -javax.net.ssl.keyStore=${test.profiles}/test_resources/ssl/keystore.jks +javax.net.ssl.keyStore=${test.profiles}/test_resources/ssl/java_client_keystore.jks javax.net.ssl.keyStorePassword=password -javax.net.ssl.trustStore=${test.profiles}/test_resources/ssl/certstore.jks +javax.net.ssl.trustStore=${test.profiles}/test_resources/ssl/java_client_truststore.jks javax.net.ssl.trustStorePassword=password diff --git a/qpid/java/test-profiles/java-dby-spawn.0-9-1.testprofile b/qpid/java/test-profiles/java-dby-spawn.0-9-1.testprofile index f79e1f3aad..1580cec1c5 100644 --- a/qpid/java/test-profiles/java-dby-spawn.0-9-1.testprofile +++ b/qpid/java/test-profiles/java-dby-spawn.0-9-1.testprofile @@ -24,7 +24,7 @@ broker.clean=${test.profiles}/clean-dir ${build.data} ${project.root}/build/work broker.ready=BRK-1004 broker.stopped=Exception broker.config=${project.root}/build/etc/config-systests-derby.xml -broker.protocol.excludes=--exclude-0-10 @PORT +broker.protocol.excludes=--exclude-0-10 @PORT --exclude-0-10 @SSL_PORT messagestore.class.name=org.apache.qpid.server.store.DerbyMessageStore profile.excludes=JavaPersistentExcludes JavaPre010Excludes broker.clean.between.tests=true 
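Review bot: In the java-dby-spawn.0-9-1 hunk, the added `--exclude-0-10 @SSL_PORT` in `broker.protocol.excludes` has no comment saying why the flag is repeated, so a later cleanup could drop it as a duplicate and leave AMQP 0-10 negotiable on the SSL listener. A line such as `# 0-10 is excluded on the plain and the SSL port; each --exclude-0-10 covers one port` above the property would record that. The per-port meaning is inferred from the flag taking a port argument, so confirm it before wording the comment. The same edit appears in java-dby.0-9-1, java-mms-spawn.0-9-1 and java-mms.0-9-1. Whether the harness substitutes `@SSL_PORT` when SSL is not enabled is not visible in this patch and is worth checking.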
diff --git a/qpid/java/test-profiles/java-dby.0-9-1.testprofile b/qpid/java/test-profiles/java-dby.0-9-1.testprofile
index f9700da82d..b4d506df05 100644
--- a/qpid/java/test-profiles/java-dby.0-9-1.testprofile
+++ b/qpid/java/test-profiles/java-dby.0-9-1.testprofile
@@ -24,7 +24,7 @@ broker.clean=${test.profiles}/clean-dir ${build.data} ${project.root}/build/work
 broker.ready=BRK-1004
 broker.stopped=Exception
 broker.config=${project.root}/build/etc/config-systests-derby.xml
-broker.protocol.excludes=--exclude-0-10 @PORT
+broker.protocol.excludes=--exclude-0-10 @PORT --exclude-0-10 @SSL_PORT
 messagestore.class.name=org.apache.qpid.server.store.DerbyMessageStore
 profile.excludes=JavaPersistentExcludes JavaPre010Excludes
 broker.clean.between.tests=true
diff --git a/qpid/java/test-profiles/java-mms-spawn.0-9-1.testprofile b/qpid/java/test-profiles/java-mms-spawn.0-9-1.testprofile
index f94b93c793..4563600ba1 100644
--- a/qpid/java/test-profiles/java-mms-spawn.0-9-1.testprofile
+++ b/qpid/java/test-profiles/java-mms-spawn.0-9-1.testprofile
@@ -23,7 +23,7 @@ broker.command=${project.root}/build/bin/qpid-server -p @PORT -m @MPORT @EXCLUDE
 broker.clean=${test.profiles}/clean-dir ${build.data} ${project.root}/build/work
 broker.ready=BRK-1004
 broker.stopped=Exception
-broker.protocol.excludes=--exclude-0-10 @PORT
+broker.protocol.excludes=--exclude-0-10 @PORT --exclude-0-10 @SSL_PORT
 #
 # Do not enable. Allow client to attempt 0-10 and negotiate downwards
 #
diff --git a/qpid/java/test-profiles/java-mms.0-9-1.testprofile b/qpid/java/test-profiles/java-mms.0-9-1.testprofile
index 45e2fc7162..cec02f3aa6 100644
--- a/qpid/java/test-profiles/java-mms.0-9-1.testprofile
+++ b/qpid/java/test-profiles/java-mms.0-9-1.testprofile
@@ -24,7 +24,7 @@ broker.command=${project.root}/build/bin/qpid-server -p @PORT -m @MPORT @EXCLUDE
 broker.clean=${test.profiles}/clean-dir ${build.data} ${project.root}/build/work
 broker.ready=BRK-1004
 broker.stopped=Exception
-broker.protocol.excludes=--exclude-0-10 @PORT
+broker.protocol.excludes=--exclude-0-10 @PORT --exclude-0-10 @SSL_PORT
 #
 # Do not enable. Allow client to attempt 0-10 and negotiate downwards
 #
diff --git a/qpid/java/test-profiles/test_resources/ssl/certstore.jks b/qpid/java/test-profiles/test_resources/ssl/certstore.jks
deleted file mode 100644
index 2af95f21f8..0000000000
Binary files a/qpid/java/test-profiles/test_resources/ssl/certstore.jks and /dev/null differ
diff --git a/qpid/java/test-profiles/test_resources/ssl/java_broker.crt b/qpid/java/test-profiles/test_resources/ssl/java_broker.crt
new file mode 100644
index 0000000000..7543ee8a7d
--- /dev/null
+++ b/qpid/java/test-profiles/test_resources/ssl/java_broker.crt
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICVzCCAcCgAwIBAgIFAJVWeugwDQYJKoZIhvcNAQEFBQAwQTELMAkGA1UEBhMC
+Q0ExEDAOBgNVBAgTB09udGFyaW8xDTALBgNVBAoTBEFDTUUxETAPBgNVBAMTCE15
+Um9vdENBMB4XDTExMDgxNzEzNTQ1NFoXDTExMTExNzEzNTQ1NFowejEQMA4GA1UE
+BhMHVW5rbm93bjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UEBxMHVW5rbm93bjEQ
+MA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjEeMBwGA1UEAxMVbG9j
+YWxob3N0LmxvY2FsZG9tYWluMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCj
+VSo/qOCDsPXQ2HKn2M4ey1FzK6NORkWYefFu5fDFJUKKPXXA8Ey9rPDv+XGGIQKI
+6JlmD2nnjp8Em7+/xa6u4XbFqLR8ycmgldGB7r8RbH3B7KYY3s4AxL9A3/TzHza4
+FJAk2X4LTVWHuX8tB/JyLS6695NSLoI5xKW4maARxwIDAQABoyIwIDAJBgNVHRME
+AjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBBQUAA4GBAFsexncH
+xxTjk9YMoPpjjU0t/UgzjBLEruIIQQ/EtcZIOEqNCDwpzfgY/x7GVCy8VjLISgzK
+xJsNv75F/vP8a4eaeTRJmrvVcWUZJu6r/A8WNwJVYUvXhy2+jbfdp/UMlRg+ODw7
+GMU9ILQW4LGJnTtJKrlVrcQqzw6IZRduEE65
+-----END CERTIFICATE-----
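Review bot: The broker certificate added in java_broker.crt is short-lived: decoded, its validity runs from 17 Aug 2011 to 17 Nov 2011, about three months after this commit. Once it expires, any SSL test that validates the broker chain will fail, and the easy fix at that point is to turn validation off rather than reissue the fixture. The body also shows a 1024-bit RSA key signed with SHA-1 by an issuer named `MyRootCA` (O=ACME), which newer JVM default certificate-path restrictions may reject. Regenerating the fixture with a long validity period, and adding a short README in `test_resources/ssl/` that lists the generation commands, the issuing CA and which store holds which entry, would keep the tests checking real certificate validation.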
diff --git a/qpid/java/test-profiles/test_resources/ssl/java_broker.req b/qpid/java/test-profiles/test_resources/ssl/java_broker.req
new file mode 100644
index 0000000000..05fc8b0eda
--- /dev/null
+++ b/qpid/java/test-profiles/test_resources/ssl/java_broker.req
@@ -0,0 +1,10 @@
+-----BEGIN NEW CERTIFICATE REQUEST-----
+MIIBujCCASMCAQAwejEQMA4GA1UEBhMHVW5rbm93bjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UE
+BxMHVW5rbm93bjEQMA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjEeMBwGA1UEAxMV
+bG9jYWxob3N0LmxvY2FsZG9tYWluMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjVSo/qOCD
+sPXQ2HKn2M4ey1FzK6NORkWYefFu5fDFJUKKPXXA8Ey9rPDv+XGGIQKI6JlmD2nnjp8Em7+/xa6u
+4XbFqLR8ycmgldGB7r8RbH3B7KYY3s4AxL9A3/TzHza4FJAk2X4LTVWHuX8tB/JyLS6695NSLoI5
+xKW4maARxwIDAQABoAAwDQYJKoZIhvcNAQEFBQADgYEAjXXfPRv7xQYY3R8lZ78/0gbXZ35Lq/1h
+6sxShXfqXxFXE8oP4uGLTlsnSvfsHQL60ihKP3V+nv/zIxNudAsrM57x70owUWyp/bm0XXD89X0T
+zEBP9OQexDTwC2r/8gvYMi++022LMTluEPw29bCsp6usuKh61eLmekprpNlhs5M=
+-----END NEW CERTIFICATE REQUEST-----
diff --git a/qpid/java/test-profiles/test_resources/ssl/java_broker_keystore.jks b/qpid/java/test-profiles/test_resources/ssl/java_broker_keystore.jks
new file mode 100644
index 0000000000..4c4449e20d
Binary files /dev/null and b/qpid/java/test-profiles/test_resources/ssl/java_broker_keystore.jks differ
diff --git a/qpid/java/test-profiles/test_resources/ssl/java_client_keystore.jks b/qpid/java/test-profiles/test_resources/ssl/java_client_keystore.jks
new file mode 100644
index 0000000000..e3a850a248
Binary files /dev/null and b/qpid/java/test-profiles/test_resources/ssl/java_client_keystore.jks differ
diff --git a/qpid/java/test-profiles/test_resources/ssl/java_client_truststore.jks b/qpid/java/test-profiles/test_resources/ssl/java_client_truststore.jks
new file mode 100644
index 0000000000..2af95f21f8
Binary files /dev/null and b/qpid/java/test-profiles/test_resources/ssl/java_client_truststore.jks differ
diff --git a/qpid/java/test-profiles/test_resources/ssl/keystore.jks b/qpid/java/test-profiles/test_resources/ssl/keystore.jks
deleted file mode 100644
index e3a850a248..0000000000
Binary files a/qpid/java/test-profiles/test_resources/ssl/keystore.jks and /dev/null differ
-- cgit v1.2.1